Copyright and Privacy Policy of Montafon Kristberg Cable Car Silbertal GmbH

With this notice, we would like to inform you about your rights regarding the collection and processing of your personal data by us. This information is provided in accordance with Article 13 of the General Data Protection Regulation (GDPR).

Who is responsible for data processing and whom can you contact in case of questions?

Montafoner Kristbergbahn Silbertal GmbH is responsible for data processing.
If you have any questions about the processing of your data or other data protection-related concerns, you may contact us by post at the address listed in the Legal Notice – with the subject line “Data Protection Information” – or via email at gf@kristbergbahn.at

1. Scope

This Privacy Policy describes how Montafoner Kristbergbahn Silbertal GmbH (hereinafter referred to as “we” – see Legal Notice) as operator of the websites montafon.at/kristberg and kristbergbahn.at uses the personal information collected during your visit to the website, online applications and mobile platforms that include a link to this Privacy Policy.

This Privacy Policy does not apply to websites, online applications or mobile platforms that are not linked to this Privacy Policy, or to those operated by third parties (e.g. Facebook). We recommend that you review the privacy policies published on such websites, online applications or mobile platforms.

By using this website, you agree to the provisions of our Privacy Policy set out below.

The protection of personal data and the safeguarding of the fundamental right to privacy is of particular importance to us. You may withdraw your consent to this Privacy Policy or to individual provisions in writing at any time by contacting us.

If additional online services are used, the General Terms and Conditions (GTC) of the respective product in the valid version shall apply.

2. Collection of personal data

Data protection is very important to us. Personal data will only be collected, used and disclosed by us if this is permitted by law or if you consent to the collection of data.

Personal data means information that can be used to identify a person. This includes, for example:

• Master data (first name, surname, salutation, gender, date of birth, address, telephone number, email address)

• Data about business contacts (date, communication method, content)

• Ski pass data (WTP number, price, validity, access to lift facilities)

• Offer and contract data (offer date, delivery or service, delivery address, technical data, authorisations, consideration)

• Event data (place and date, registration details)

• Opinions (feedback, surveys)

• Invoice data (object, prices, invoice amounts, voucher data)

• Payment processing data (bank details, SEPA mandate, account data of our business partner accounting, reminders)

• Biometric data (photo)

• Biometric data (surveillance cameras)

We only collect and process the data that is necessary. In individual cases, fewer than the above-mentioned data may be sufficient.

We collect personal data from you in three ways: directly from your entries, automatically through the technologies of the websites, and through the photo recording system.

2.1. Information provided by you

The information you enter voluntarily in order to use our services may, in addition to the data listed under point 2 “Collection of personal data”, also include titles you provide voluntarily, as well as further information you may submit (e.g. videos, images, texts, etc.) in connection with participation in competitions.

2.2. Information collected automatically

Our website automatically collects certain information about your use of the service for the purposes of data security and user-friendliness:

Access data / server log files: We collect data on every access to the service (so-called server log files). Access data includes: name of the accessed web page, file, date and time of access, data volume transferred, notification of successful access, browser type including version, the user’s operating system, referrer Uniform Resource Locator (URL) (the previously visited page), IP address and the requesting provider.

We use the log data only for statistical evaluations for the purpose of operating, securing and optimising the service. However, we reserve the right to subsequently check the log data if there are concrete indications of justified suspicion of unlawful use.

Photo recording system at access control

For the purpose of access control, a reference photo of you is taken when you first pass through a turnstile equipped with a camera. Each time you subsequently pass through such a turnstile, a control photo is taken. Our staff compare the reference photo with the control photos to verify access authorisation.

The reference photo is deleted immediately after the expiry of the validity of the ticket, and the control photos are deleted no later than 30 minutes after each passage through the turnstile. All data is stored in encrypted form.

This data processing is carried out on the basis of the legitimate interests of the controller (Art. 6 (1) (f) GDPR), in order to prevent the unauthorised transfer of tickets, which is expressly prohibited by contract.

Video surveillance

To protect individuals, facilities and our property, and to prevent and investigate theft, vandalism and security incidents, Montafoner Kristbergbahn Silbertal GmbH uses video surveillance at selected locations. The recordings serve both the safety of our guests and the protection of the company.

The areas recorded are:

• the vending kiosk in the indoor area opposite the valley station (theft and vandalism prevention)

• the ticket machine in the outdoor area opposite the valley station (theft and vandalism prevention)

• the intermediate stations Schöni and Stelza (safety monitoring, as they are unmanned entry and exit points)

• the conveyor belt at the Kristberg lift behind St. Agatha chapel (winter only, safety monitoring as unmanned)

The legal basis for processing is the legitimate interest pursuant to Art. 6 (1) (f) GDPR in conjunction with § 12 DSG (protection of persons, facilities and property, prevention and investigation of incidents).

The retention period of the recordings is a maximum of 72 hours. If a security-related incident is identified within this period, storage may be extended until final clarification and legal enforcement. The recordings are stored exclusively on the company’s own video server located in the valley station of Montafoner Kristbergbahn.

Access to the recordings is restricted to authorised internal management personnel using secure login data. In case of an incident, data may be transmitted to competent authorities (e.g. police), insurance companies or legal representatives.

In addition, there are other cameras located outside the valley and mountain stations that do not record. They are used solely for ongoing operations, providing an overview of the car park and access to the stations. They have reduced image quality and are not stored.

Data subjects have the rights to access, rectification, erasure, restriction of processing and objection pursuant to Art. 15 ff. GDPR. Complaints may be submitted directly to us at info@kristbergbahn.at.

2.3. Cookies and tracking pixels

We use browser-side “session cookies”, “persistent cookies”, “third-party cookies” and tracking pixels. Cookies are small files with configuration settings that help us determine the frequency of use and type of use of our websites. Cookies also enable the implementation of certain user functions. We do not collect any personal data through cookies and tracking pixels.

• “Session” cookies are temporary and are deleted when the browser is closed.

• “Persistent” cookies remain until they expire or are manually deleted.

• “Tracking pixels” (also known as 1x1 pixel or clear GIFs) are small graphic files that enable recording or analysis.

• “Third-party” cookies, such as those from Google Inc., are used for behaviour-based advertising. A link to the latest version of their privacy policy is provided.

By using this website, you agree to the reading, processing, transfer and storage of information by cookies and tracking pixels.

Disabling cookies

There are several ways to manage cookies. The “Help” button on most browser toolbars explains how to stop accepting cookies, how to be notified when a new cookie is set, and how to block cookies altogether. Blocking cookies may prevent you from registering, logging in or making full use of our services.

You can manage many online advertising cookies from companies via the US site http://optout.aboutads.info or the EU site https://www.youronlinechoices.com/uk/your-ad-choices.

2.4. Web analytics

Google Analytics

We use various web analytics services, including Google Analytics by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA. These services use “cookies”, text files stored on your computer, which allow an analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address) is transmitted to the servers of the analytics services (Google in the USA) and stored there.

These services use this information to evaluate your use of the website, compile reports on website activity for the website operators, and provide other services related to website and internet usage. The IP address transmitted by the user’s browser as part of Google Analytics is not merged with other Google data.

You can prevent the storage of cookies by adjusting your browser software accordingly; however, please note that in this case you may not be able to use all functions of this website to their full extent.

You can also prevent the collection of the data generated by the cookie relating to your use of the website (incl. your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Further information on terms of use and data protection can be found at https://www.google.com/analytics/terms/ and https://policies.google.com/.

We point out that Google Analytics on this website has been extended by the service “AnonymizeIP” to ensure anonymised collection of IP addresses (so-called IP masking).

Google Remarketing

We use Google Remarketing technology, a service of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA. This function enables us to target you as a website visitor with personalised, interest-based advertising when you visit other websites in the Google or DoubleClick display network.

Google uses cookies stored on your computer to analyse your website usage, demographic characteristics and interests. The information generated is transmitted to a Google server, stored there and can be analysed by us for statistical purposes and to create interest-based advertisements. Google may also transfer this information to third parties where required by law or where third parties process the information on Google’s behalf.

You may object to the collection and storage of data at any time with effect for the future. You can disable the use of cookies by Google by visiting https://policies.google.com/technologies/ads. Alternatively, you can disable the use of cookies by third parties by visiting the Network Advertising Initiative deactivation page at http://optout.networkadvertising.org.

Further information about Google’s privacy policy can be found at https://policies.google.com/privacy.

Custom Audience (Facebook)

We use Facebook’s “Custom Audience” technology, a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Data collected through the integration of cookies, web beacons or similar third-party technologies allows us to measure and optimise our advertising activities on Facebook – for example by displaying posts or ads only to visitors of our website.

We only use tested and widely adopted third-party technologies for this purpose. We do not forward or upload lists of personal data to Facebook. Data collected is transmitted to Facebook in encrypted form. We cannot view any personal data of individual users.

Further information can be found in Facebook’s Privacy Policy at https://www.facebook.com/about/privacy. If you do not wish data to be collected via “Custom Audience”, you can deactivate it at https://www.facebook.com/settings.

The use of these web analytics services helps us to continuously improve our functions and services. Only non-personal data is used for analysis and reporting. This data is not merged with other personal data.

By using this website, you consent to the processing of data collected about you by web analytics services in the manner and for the purposes described above.

2.5. Social plugins

Our website uses an “Addthis” plugin. These services are offered by Oracle Corporation, based in the United States.

2.6. Integration of third-party services and content

It is possible that third-party content, such as YouTube videos, Google Maps material, RSS feeds or graphics from other websites, may be integrated into this online offering. This always requires that the providers of such content (hereinafter referred to as “third-party providers”) perceive the user’s IP address, as they could not send the content to the browser without it. The IP address is therefore required to display this content.

We strive to use only such content whose providers use the IP address solely for delivering the content. However, we have no influence if third-party providers store the IP address, e.g. for statistical purposes. Where this is known to us, we inform users accordingly.

3. On what legal basis and for what purposes is data processing carried out?

We process your personal data for the performance of contracts (e.g. mountain cable car ticket sales, event contracts), for the fulfilment of other legal obligations (e.g. accident reporting), on the basis of your consent and/or on the basis of legitimate interests (guest service, advice, feedback, newsletters, marketing, advertising, cookies, web analytics), provided that your interests in confidentiality do not outweigh ours.

For the performance of contractual obligations (Article 6 (1) (b) GDPR):
The processing of personal data is carried out for the fulfilment of our contractual obligations, in particular to execute our contracts with you and all related activities necessary in the operation and management of a tourism business.

The purposes of data processing for contract performance primarily include the handling of sponsorships and sales (tickets and vouchers), invoicing, dunning, as well as the management of contracts and contacts with business partners.

For the fulfilment of legal obligations (Article 6 (1) (c) GDPR):
The processing of personal data is also carried out to comply with legal obligations, such as corporate and tax retention obligations, safety measures, and, in individual cases, providing information to law enforcement authorities and courts.

On the basis of your consent (Article 6 (1) (a) GDPR):
If you have given us consent to process your personal data, processing will only take place for the purposes specified in the consent and within the agreed scope. You may withdraw any consent given at any time with effect for the future.

To safeguard legitimate interests where your confidentiality interests do not override (Article 6 (1) (f) GDPR):
We also process your data to promote our own products and for market and opinion research. To provide you with better tailored advertising or offers, we analyse data relevant to our marketing purposes.

Our legitimate interest lies in offering existing or potential business partners product contracts and services tailored to their needs (e.g. events, offers).

You have the right to object at any time to the processing of your personal data for the purpose of direct marketing (see point 6 for details).

4. To whom is your data disclosed?

If you have purchased a Montafon Brandnertal Card, all members of this pool have access to your data (you can find a list of the cable car operators with access to your data via this link). This is necessary so that you can use the services of the other pool members and so that we can internally settle the fees you have paid. Access by the other pool members takes place via a processor commissioned by us.

In addition, other processors commissioned by us (e.g. IT service providers such as Team Axess, elements, debt collection agencies) receive your data, provided this is necessary for the fulfilment of the respective service or for the fulfilment of the data uses described in this Privacy Policy. All processors are contractually obliged to treat your data confidentially and to process it only within the scope of the assignment given by us.

If there is a legal obligation, we transmit personal data to public authorities and institutions (e.g. law enforcement authorities, courts).

5. How long will your data be processed and stored?

We process your personal data only as long as necessary. Once your data is no longer required, it will be automatically deleted or anonymised.

We store the personal data necessary for the performance of contracts for the entire duration of the business relationship and, beyond that, in accordance with the statutory retention and documentation obligations.

6. What rights do you have?

Right of access
If we process your personal data, you have the right to obtain information about the purposes of the processing, the categories of personal data processed, the recipients of this personal data, the storage period, your applicable rights, the source of the personal data and the existence of automated decision-making.

Rectification and erasure
You have the right to request the rectification of incorrect or incomplete personal data concerning you. You also have the right to request the erasure of personal data concerning you if the processing of such data is unlawful and no legal obligations on our part prevent such erasure.

Restriction of processing
You have the right to request the restriction of the processing of your data.

Data portability
You have the right to request the transfer of the data you have provided to us in a structured, commonly used and machine-readable format. You also have the right to request that the personal data be transmitted directly by us to another controller, where technically feasible.

Objection
Even if your personal data is accurate and complete and lawfully processed by us, you may object to the processing of this data in special cases that you justify. You may also object at any time to the transfer of your data for the purposes of direct marketing.

Exercise of data subject rights
Data subjects may exercise all rights as described in point 6. They must identify themselves and contribute to their identification to ensure that the response is actually provided to the data subject.

Complaint
You may also lodge a complaint directly with us at gf@kristbergbahn.at.

7. Data security

We use a variety of data security measures to ensure the confidentiality and integrity of your personal information.

8. Changes to this Privacy Policy

If we change this Privacy Policy, we will publish the updated version with a revised version date here.

Privacy Policy – Version February 2025